From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 26 Mar 2021 21:47:55 +0000 (+0100)
Subject: confile: fix setting prlimits
X-Git-Tag: lxc-5.0.0~238^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=631d271533a6031c2f931d593d2320be0e828a58;p=thirdparty%2Flxc.git

confile: fix setting prlimits

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 31f072d39..b93c65276 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -104,7 +104,7 @@ struct lxc_limit {
 static void free_lxc_limit(struct lxc_limit *ptr)
 {
 	if (ptr) {
-		free(ptr->resource);
+		free_disarm(ptr->resource);
 		free_disarm(ptr);
 	}
 }
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index e6a1c017a..73ffce7eb 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1929,8 +1929,8 @@ static bool parse_limit_value(const char **value, rlim_t *res)
 static int set_config_prlimit(const char *key, const char *value,
 			    struct lxc_conf *lxc_conf, void *data)
 {
-	__do_free struct lxc_list *limlist = NULL;
-	call_cleaner(free_lxc_limit) struct lxc_limit *limelem = NULL;
+	__do_free struct lxc_list *list = NULL;
+	call_cleaner(free_lxc_limit) struct lxc_limit *elem = NULL;
 	struct lxc_list *iter;
 	struct rlimit limit;
 	rlim_t limit_value;
@@ -1981,29 +1981,31 @@ static int set_config_prlimit(const char *key, const char *value,
 
 	/* find existing list element */
 	lxc_list_for_each(iter, &lxc_conf->limits) {
-		limelem = iter->elem;
-		if (strequal(key, limelem->resource)) {
-			limelem->limit = limit;
-			return 0;
-		}
+		struct lxc_limit *cur = iter->elem;
+
+		if (!strequal(key, cur->resource))
+			continue;
+
+		cur->limit = limit;
+		return 0;
 	}
 
 	/* allocate list element */
-	limlist = lxc_list_new();
-	if (!limlist)
+	list = lxc_list_new();
+	if (!list)
 		return ret_errno(ENOMEM);
 
-	limelem = zalloc(sizeof(*limelem));
-	if (!limelem)
+	elem = zalloc(sizeof(*elem));
+	if (!elem)
 		return ret_errno(ENOMEM);
 
-	limelem->resource = strdup(key);
-	if (!limelem->resource)
+	elem->resource = strdup(key);
+	if (!elem->resource)
 		return ret_errno(ENOMEM);
 
-	limelem->limit = limit;
-	lxc_list_add_elem(limlist, move_ptr(limelem));;
-	lxc_list_add_tail(&lxc_conf->limits, move_ptr(limlist));
+	elem->limit = limit;
+	lxc_list_add_elem(list, move_ptr(elem));;
+	lxc_list_add_tail(&lxc_conf->limits, move_ptr(list));
 
 	return 0;
 }